Really? Rob would NEVER send me this kind of message. I realized he was hacked and in a MAJOR way. Someone was responding to me from WITHIN his account!

Out of concern for his company’s reputation, I reached out directly to Rob by creating a new Email and sending it straight to him. (He moved to Office365 from our Email servers so this was the only action I could take on his behalf.)

The REAL Rob wrote back…

John,

I was hacked and Microsoft is working on my account as I type this. Thanks for informing me! They think they have stopped it.

Of course, while I was on the phone with Microsoft the hacker texted me twice and called me! I’m calling Verizon now to report him and block the number.

Rob

Talk about a scary hacking scenario.

Imagine having your Email accounts so thoroughly hacked that someone could reply from within your environment pretending to be you… it sent shivers up my spine.

The ramifications to Rob’s company as a result of this Email hack are serious.

Was the hacker able to see other Email messages? (Probably)

Was client data exposed? (Possibly)

How about sensitive passwords and other information? Did the hacker see those? (Likely)

Should Rob publicly notify clients he was hacked and that they should take actions to protect themselves? (Probably)

Could this impact Rob’s E&O rates? (Likely)

Here’s the thing… I know Rob. He had a decent password.

How could this happen? Rob didn’t have 2-factor authentication, and he clicked on a message he shouldn’t have, which gave the attacker a way to bypass his account password…

…So the hacker broke into Rob’s Office365 Email account and did some serious damage in spite of his strong password.

And while Microsoft’s response to fix this is laudable, the incident demonstrates the potential security weakness of the Office365 platform in its default setting.

And the kicker is OTHER Office 365 users are being hacked in exactly the same way. We’ve seen it across multiple domains that have decided to leverage Office 365 managed by their local techs. Inexperienced admins are implementing Office365 without two-factor authentication.

So, if you decide to roll out Office 365, be prepared to pay for added tech support costs to ensure the environment is properly configured… they will happen.

(Our Office 365 Option is a managed service. While a little more of an investment than Microsoft’s standard fare, it comes backed with full support and a direct line to Microsoft should technical issues arise.)

Office 365 has a place. And we may eventually see this become the only option available from Microsoft in the future…

That said, we think most clients will be well served by continuing with our Enterprise Class and Hosted Exchange products as they have tight security controls and are much easier for folks to administrate. Meanwhile, Microsoft Office apps are quite affordable over at Amazon.com…

So what if you have ALREADY moved over to Office365? You can take actions to make your Office 365 implementation more secure.

This will make it substantially more difficult for a hacker to gain entry into your account.

If you are unsure how to accomplish this or simply lack the Admin access, be sure to instruct your techs to implement two-factor security right away.

Meanwhile, if you are looking for rock-solid Enterprise-class Email without the complexity, reach out to us today! We offer a wide array of managed Email solutions designed to help small businesses get business done without the complexity of worrying about Email service management.
